Collecting telemetry data is a usual practice that every software maker and device manufacturers do to identify, analyse and fix software issues and help improve the quality of their products, but OnePlus found collecting user identification information as well.

Moore simply started intercepting the network traffic to analyse what data his OnePlus device sends to its servers, and found that the data collected by the company included:

User’ phone number

MAC addresses

IMEI and IMSI code

Mobile network(s) names

Wireless network ESSID and BSSID

Device serial number

Timestamp when a user locks or unlocks the device

Timestamp when a user opens and closes an application on his phone

Timestamp when a user turns his phone screen on or off

It is clear that above information is enough to identify any OnePlus user.

“Wow, that is quite a bit of information about my device, even more of which can be tied directly back to me by OnePlus and other entities,” Moore said.

“It gets even worse. These event data contain timestamps of which activities were fired up in which in applications, again stamped with the phone’s serial number.”

Moreover, there’s no direct option available to disable this data collection behaviour.

This same issue was also publicly reported to OnePlus in July last year by another security researcher and software engineer, who goes by the online moniker “Tux,” but the problem got ignored by OnePlus as well as others.

Moore also reported this issue to OnePlus support, but the team did not provide any solution to address it, while OnePlus did not yet respond.

However, the good news is that Jakub Czekański, an Android developer, today introduced a permanent solution to disable this data collection practice even without rooting your smartphone.

You can directly connect your OnePlus device in USB debugging mode to a computer, open adb shell and enter this command — pm uninstall -k –user 0 net.oneplus.odm — in order to get rid of OnePlus’ excess data collecting practice.